.htaccessを使用してURLを狙ったブルートフォース攻撃防ぐ


サービスに海外からブルートフォースアタックが来たので対策方法共有。


攻撃内容

攻撃の内容は特定のURLが存在するかを確認する手法で、こいつが本当に面倒なこと。

  • 大量にアクセスを送る
  • 海外且つ踏み台のサーバーを使用
  • IPを変更する
  • ブラウザの種類(UserAgent)を変更する

ごく短い間に大量のアクセスを送ってきて、海外のサーバーを使用してIPを変更してブラウザの種類まで変えてくる凶悪なやつです。


対応策

対応策としては大量のアクセスを弾くしかありません。

なのでApacheにモジュールを追加やAWSはWAFを入れて簡単に対応出来ますが今回は説明しません。


サーバー側に対策を入れましたが「一定時間に大量のアクセスをした場合に弾く」処理なので閾値になるまでは弾いてくれません。

僕は不正アクセスするようなやつに出来るだけサーバーのリソースを割きたくない!

なので「攻撃対象のURLは全て403を返す」ようにしました。


.htaccessで特定のURLを含むを弾く

.htaccessを使用して特定のURLに接続しようとするリクエストを弾くことが出来ます


以下を記入することで弾くことが出来ます。

<IfModule mod_rewrite.c?>
 RewriteEngine on

 RewriteCond %{REQUEST_URI} ^.*hoge.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*piyo.php [NC]
 RewriteRule ^(.*)$ – [F,L]
</IfModule?>

hoge.php OR piyo.phpを含む場合に403画面を表示します。

最終行は[OR,NC]にすると次行があると判定してしまうためエラーが発生するので注意してください。


フラグには[NC]もしくは[OR]を指定できます。フラグを二つ設定するにはカンマで区切ります。(例: [NC, OR]

  • [NC] - 大文字小文字を区別せずにパターンと一致するかどうかをテストします。
  • [OR] - いずれかのRewriteCondにあてはまる場合にRewriteRuleを適用します。[OR]を明示しない場合、自動でANDになります。

簡単に導入するサンプル(PHP)

攻撃されたURLを元にサンプルを作成したので活用してください。

※使用しているURLがあるか確認してください。ある場合は該当の行を削除してください。

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{REQUEST_URI} ^.*_404.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*_query.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*099.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*1111.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*12.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*1213.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*123.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*1hou.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*1ndex.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*1q.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*1x.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*2.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*3.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*51.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*51314.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*5201314.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*56.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*666.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*7.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*777.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*92.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*9510.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*9678.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*a.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*aa.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*aaa.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*aaaa.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*aaaaaa1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*admin/mysql/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*admin/mysql2/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*admin/phpmyadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*admin/phpMyAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*admin/phpmyadmin2/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*admin/pma/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*admin/PMA/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*Administrator.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*admn.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ak.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ak47.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ak48.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*Alarg53.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*angge.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*aotu.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*aotu7.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*api.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*app.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*App1c96e70d.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*appserv.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*aw.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*bak.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*boots.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cacti/plugins/weathermap/editor.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cadre.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cainiao.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*caonma.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cc.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cere.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ceshi.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*chaoda.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*claroline/phpMyAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cmd.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cmdd.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cmv.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cn.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cnm.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*composer.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*composers.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*conf.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*conf1g.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*confg.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*conflg.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*conflg.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*coon.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*core.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*cxfm666.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*d.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*d7.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*data.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db.init.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db__.init.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db_cts.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db_dataml.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db_desql.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db_pma.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*db_session.init.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*dbadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*default.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*defect.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*desktop.ini.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*dexgp.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*diy.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*Drupal.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*errors.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*erwa.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*fack.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*fb.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*feixiang.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*fusheng.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*general.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*godkey.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*guai.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*h1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*hack.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*hacly.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*hell.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*hello.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*help.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*help.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*help-e.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*hh.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*hm.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*home.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*htdocs.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*htfr.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*hue2.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*HX.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*index1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*indexa.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*info.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*info1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*infoo.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*infos.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ip.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*izom.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*j.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*java.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*knal.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*l6.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*l7.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*l8.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lala.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lala-dpr.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lang.php?f=1 [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lanke.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lanyecn.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lapan.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ldw.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*liangchen.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*libraries/joomla/jmail.php?waled=1 [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*libraries/joomla/jmails.php?waled=1 [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*libraries/joomla/wl.php?0=1 [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*license.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lindex.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*linux.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*linux1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*linuxse.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ljb.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*log.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*log.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*logon.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lol.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lost.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lucky.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lucky.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*lx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*m.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*m.php?pbid=open [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*manager/html [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mazi.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*MCLi.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*meng.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*miao.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*min.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mm.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*muhstik.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*muhstik2.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*muhstik-dpr.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*muhstiks.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*myadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*MyAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*myadmin2/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mybestloves.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysql.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysql/admin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysql/dbadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysql/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysql/mysqlmanager/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysql/sqlmanager/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysql_admin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysqladmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mysql-admin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*mz.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*neko.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*no.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*nuoxi.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*okokok.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*orange.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ou2.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*p.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*p34ky1337.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*payload.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*paylog.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*paylog.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pe.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*php.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpinfi.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpini.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpma/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmy/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAbmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadm1n/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdm1n/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyadmi/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin.old/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadmin/phpmyadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin/phpMyAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadmin/scripts/db___.init.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin/scripts/db___.init.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadmin/scripts/setup.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin/scripts/setup.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin__/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyadmin_bak/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin\+\+\+---/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadmin0/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadmin1/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin1/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin123/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadmin2/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmin-4.4.0/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmina/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdminold/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpmyadmin-old/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmins/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMyAdmion/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpMydmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phppma/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpstudy.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*phpStudy.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pk1914.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*plugins/weathermap/editor.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pma.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pma/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*PMA/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*PMA2/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pmamy/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pmamy2/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pma-old/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pmd/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pmd_online.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*post.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ppx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*program/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*pwd/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*python.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*q.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*q.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*q.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qa.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qaq.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qaz.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qq.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qq.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qq.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qq.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qq.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qq5262.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qw.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qwe.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qwq.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*qwqw.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*repeat.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ruyi.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*rxr.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*s.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*s.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*s/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*s1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*scripts/setup.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*sean.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*sha.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*shaAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*she.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*sheep.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*shell.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*shell.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*shopdb/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*Skri.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*sllolx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*spider.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ss.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*Ss.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ssaa.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*sss.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*sss.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*super.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*system.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*t6nv.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*test.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*test.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*test.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*test.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*test123.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*test123.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*text.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*tiandi.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*tomcat.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*tools/phpMyAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*toor.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*typo3/phpmyadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*u.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*undx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*up.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*Updata.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*uploader.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*uu.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*uuu.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*v/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*ver.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*vuln1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*w.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wan.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wanan.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wb.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wc.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wcp.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*web/phpMyAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*webdav/ [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*webslee.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*weixiao.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*win.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*win1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wp-admins.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wpc.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wp-config.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wpo.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wshell.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*wuwu11.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*www.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*www/phpMyAdmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xampp/phpmyadmin/index.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xiao.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xiaodai.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xiaohei.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xiaoma.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xiaomae.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xiaomar.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xiaomo.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xiaoyu.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xp.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xshell.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xw.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xw1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xxx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xxxx.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*xz.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*yj.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*yumo.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*z.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*z.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*z.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zshmindex.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zuo.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zuoindex.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zuos.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zuoshou.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zuoshss.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zuoss.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zxc0.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zxc1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zxc1.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zxc2.php [OR,NC]
 RewriteCond %{REQUEST_URI} ^.*zzk.php [NC]
 RewriteRule ^(.*)$ – [F,L]
</IfModule>

まとめ

DDosのブルートフォースアタックは性質が悪く対応も完全には出来ません。

今回のURLのアタック対象を見るとわかりますが、Webサービスが完全にPHPとばれてしまっています。

これは色々試してみましたが「http://domain.co.jp/index.php」でトップのページが表示された場合、PHPを使用していることがわかってしまうためかと思われます。


出来れば完全に駆逐出来る方法があると助かるですが、DDosの攻撃は難しいです・・・


0 件のコメント :

コメントを投稿